This question already has answers here:
How do I make a redirect in PHP?
(34 answers)
Closed 4 years ago.
my php contact form works and sends me an email when people fill it out. what is happinging though is when they click submit, the screen goes white and nothing happens. I want the page to refresh or redirect to another page. How Can I get it to refresh?
here is my PHP:
<?php
// define variables and set to empty values
$name_error = $email_error = "";
$name = $email = $message = $success = "";
//form is submitted with POST method
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST["name"])) {
$name_error = "Name is required";
} else {
$name = test_input($_POST["name"]);
// check if name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z ]*$/",$name)) {
$name_error = "Only letters and white space allowed";
}
}
if (empty($_POST["email"])) {
$email_error = "Email is required";
} else {
$email = test_input($_POST["email"]);
// check if e-mail address is well-formed
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$email_error = "Invalid email format";
}
}
if (empty($_POST["message"])) {
$message = "";
} else {
$message = test_input($_POST["message"]);
}
if ($name_error == '' and $email_error == '' ){
$message_body = '';
unset($_POST['submit']);
foreach ($_POST as $key => $value){
$message_body .= "$key: $value\n";
}
$to = 'whitandr#oregonstate.edu';
$subject = 'Contact Form Submit';
if (mail($to, $subject, $message_body)){
$success = "Message sent, thank you!";
$name = $email = $message = '';
}
}
}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
You can add this to the end of your script to redirect the user header('Location: success.php');
Related
<?php
$name_error = $email_error = $phone_error = $url_error = $last_name_error= "";
$firstName = $lastName = $email = $phone = $message = $url = $success = "";
if (isset($_POST["sendMessage"])) {
if (empty($_POST["firstName"])) {
$name_error = "Name is required";
} else {
$firstName = test_input($_POST["firstName"]);
// check if name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z ]*$/",$firstName)) {
$name_error = "Only letters and white space allowed";
}
}
if (empty($_POST["lastName"])) {
$last_name_error = "Name is required";
} else {
$lastName = test_input($_POST["lastName"]);
// check if name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z ]*$/",$lastName)) {
$last_name_error = "Only letters and white space allowed";
}
}
if (empty($_POST["email"])) {
$email_error = "Email is required";
} else {
$email = test_input($_POST["email"]);
// check if e-mail address is well-formed
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$email_error = "Invalid email format";
}
}
if (empty($_POST["phone"])) {
$phone_error = "Phone is required";
} else {
$phone = test_input($_POST["phone"]);
// check if e-mail address is well-formed
if (!preg_match("/^(\d[\s-]?)?[\(\[\s-]{0,2}?\d{3}[\)\]\s-]{0,2}?\d{3}[\s-]?\d{4}$/i",$phone)) {
$phone_error = "Invalid phone number";
}
}
if (empty($_POST["message"])) {
$message = "";
} else {
$message = test_input($_POST["message"]);
}
if ($name_error == '' and $last_name_error == '' and $email_error == '' and $phone_error == '' ){
$message_body = '';
unset($_POST['sendMessage']);
foreach ($_POST as $key => $value){
$message_body .= "$key: $value\n";
}
$to = 'some#gmail.com';
$subject = 'webmaster#example.com';
if (mail($to, $subject, $message)){
$success = "Message sent, thank you for contacting us!";
$firstName = $lastName = $email = $phone = $message = '';
}
}
}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
I tried to make this contact form validated. but it doesn't work. whenever i send a email form live server only message is send but name, phone, email don't send. please someone help me. I am working on it since last day but not working.
Thats because you're not sending them at all. Look at your code:
if (mail($to, $subject, $message)){
Yoou're sending the variable $message as message, thats fine.. but, lets have a look whats inside this variable:
if (empty($_POST["message"])) {
$message = "";
} else {
$message = test_input($_POST["message"]);
}
You're assigning the value of $_POST["message"] to it - nothing else.
foreach ($_POST as $key => $value){
$message_body .= "$key: $value\n";
}
I think you would send $message_body instead of $message, then it should work fine :)
Hope it help.
Here is what I got thus far. Where would I an my inline code? I also have the html page where the form is coded yet I have it linked to this php page. The form works great just wanted to add some style to it for a client.
<?php
// define variables and set to empty values
$name_error = $email_error = $phone_error = $subject_error = "";
$name = $email = $phone = $message = $subject = $success = "";
//form is submitted with POST method
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST["name"])) {
$name_error = "Name is required";
} else {
$name = test_input($_POST["name"]);
// check if name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z ]*$/",$name)) {
$name_error = "Only letters and white space allowed";
}
}
if (empty($_POST["email"])) {
$email_error = "Email is required";
} else {
$email = test_input($_POST["email"]);
// check if e-mail address is well-formed
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$email_error = "Invalid email format";
}
}
if (empty($_POST["phone"])) {
$phone_error = "Phone is required";
} else {
$phone = test_input($_POST["phone"]);
// check if phone number is well-formed
if (!preg_match("/^(\d[\s-]?)?[\(\[\s-]{0,2}?\d{3}[\)\]\s-]{0,2}?\d{3} [\s-]?\d{4}$/i",$phone)) {
$phone_error = "Invalid phone number";
}
}
if (empty($_POST["subject"])) {
$subject_error = "Subject is required";
} else {
$subject = test_input($_POST["subject"]);
// check if subject is proper text form
if (!preg_match("/^[a-zA-Z ]*$/",$subject)) {
$subject_error = "Invalid URL";
}
}
if (empty($_POST["message"])) {
$message = "";
} else {
$message = test_input($_POST["message"]);
}
if ($name_error == '' and $email_error == '' and $phone_error == '' and $subject_error == '' ){
$message_body = '';
unset($_POST['submit']);
foreach ($_POST as $key => $value){
$message_body .= "$key: $value\n";
}
// sends message to an email address specified.
$to = 'email#gmail.com';
$subject = 'Contact Form Submit';
if (mail($to, $subject, $name, $message)){
$success = "Message sent, thank you for contacting us!";
$name = $email = $phone = $message = $subject = '';
}
}
}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
any help would be appreciated!
First, i think you have an error in your mail() function call.
The right way to send an email using this function is:
mail($to, $subject, $message, $headers);
The $headers parameter is optional, but if you need to send stylesh emails, you'll need this.
An example of these headers:
$headers = "From: $name<$email>".PHP_EOL;
$headers .= "MIME-Version: 1.0".PHP_EOL;
$headers .= "X-Mailer:PHP/".phpversion()."".PHP_EOL;
$headers .= "Content-Type: text/html; charset=utf-8".PHP_EOL;
With these headers you are saying to the email client that you are sending html content, then, in your $message you can put some tags like:
$message = "<strong>Name:</strong> $name<br /><strong>Lorem ipsum</strong><br /><hr />Lorem ipsum";
Note: if you want to include some images, just use the tag, but using publics urls in the src, like this:
<img src="http://www.yoursite.com/emails/email-header.jpg" />
When I click the submit button without filling the form, a new entry appears on database with the ID but the form keep validating and showing the user, this field is required but why the form is still submitting to the database?
Here is my code, kindly help, I am new in PHP and very tired of solving such problem.
<?php
include 'dbc.php';
// define variables and set to empty values
$name_error = $email_error = $phone_error = $url_error = $message_error = "";
$name = $email = $phone = $message = $url = $success = "";
//form is submitted with POST method
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (isset($_POST["name"])) {
$name_error = "Name is required";
} else {
$name = test_input($_POST["name"]);
// check if name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z ]*$/",$name)) {
$name_error = "Only letters and white space allowed";
}
}
if (empty($_POST["email"])) {
$email_error = "Email is required";
} else {
$email = test_input($_POST["email"]);
// check if e-mail address is well-formed
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$email_error = "Invalid email format";
}
}
if (empty($_POST["phone"])) {
$phone_error = "Phone is required";
} else {
$phone = test_input($_POST["phone"]);
// check if e-mail address is well-formed
}
if (empty($_POST["url"])) {
$url_error = "Website url is required";
} else {
$url = test_input($_POST["url"]);
// check if URL address syntax is valid (this regular expression also allows dashes in the URL)
if (!preg_match("/\b(?:(?:https?|ftp):\/\/|www\.)[-a-z0-9+&##\/%?=~_|!:,.;]*[-a-z0-9+&##\/%=~_|]/i",$url)) {
$url_error = "Invalid URL";
}
}
if (empty($_POST["message"])) {
$message_error = "Message field is required";
} else {
$message = test_input($_POST["message"]);
}
if ($name_error == '' and $email_error == '' and $phone_error == '' and $url_error == '' and $message_error == ''){
$message = 'Hello Ladies';
unset($_POST['submit']);
foreach ($_POST as $key => $value){
$message .= "$key: $value\n";
}
$to = 'sample#email.com';
$subject = 'Contact Form Submit';
if (mail($to, $subject, $message)){
$success = "Message sent, thank you for contacting us!";
}
}
$query = "INSERT INTO clients(name,email,phone,url,message) ";
$query .= "VALUES('$name', '$email', '$phone', '$url', '$message') ";
$create_user = mysqli_query($mysqli, $query);
if (!$create_user) {
die("QUERY FAILED. " . mysqli_error($mysqli));
}
}
function test_input($data){
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
I hope I don't get downvote.
The only check actually being made before the query is run, is
if ($_SERVER["REQUEST_METHOD"] == "POST") {
which means that the only requirement for inserting values, is that the form is sent over POST, nothing else. This can be checked with a proper editor and seeing what brackets are wrapped around your query. You do some checks earlier in the code to validate and check the input, but this doesn't tell if the query should be run or not.
If you move the closing-bracket } of the following if-block
if ($name_error == '' and $email_error == '' and $phone_error == '' and $url_error == '' and $message_error == ''){
until after the query is performed, the query will only run if it passed all your checks. (place it after the following snippet)
if (!$create_user) {
die("QUERY FAILED. " . mysqli_error($mysqli));
}
In other remarks, your test_input() is rubbish (really) and you shouldn't use it. Parameterize your queries instead and filter the input with proper functions. There are validation filters and sanitation filters already implemented in PHP, you should use them if you need to.
You should prepare and bind the values of your queries using mysqli::prepare(), this will handle any issues dealing with quotes and protect your database against SQL injection.
References
mysqli::prepare()
How can I prevent SQL injection in PHP?
I am new to PHP and currently getting back to HTML. I have made a form and have the data sent and validated by PHP but I am trying to send the email to myself only after the data had been validated and is correct. Currently if the page is loaded I think it send an email and it will send whenever I hit submit without the data being correct.
Here is where I validate the data:
<?php
//Set main variables for the data.
$fname = $lname = $email = $subject = $website = $likedsite = $findoption = $comments = "";
//Set the empty error variables.
$fnameErr = $lnameErr = $emailErr = $subjectErr = $commentsErr = $websiteErr = $findoptionErr = "";
//Check to see if the form was submitted.
if ($_SERVER["REQUEST_METHOD"] == "POST")
{
//Check the 'First Name' field.
if (empty($_POST["fname"]))
{
$fnameErr = "First Name is Required.";
}
else
{
$fname = validate_info($_POST["fname"]);
}
//Check the 'Last Name' field.
if (empty($_POST["lname"]))
{
$lnameErr = "Last Name is Required.";
}
else
{
$lname = validate_info($_POST["lname"]);
}
//Check the 'E-Mail' field.
if (empty($_POST["email"]))
{
$emailErr = "E-Mail is Required.";
}
else
{
$email = validate_info($_POST["email"]);
//Check if valid email.
if (!filter_var($email, FILTER_VALIDATE_EMAIL))
{
$emailErr = "Invalid E-Mail Format.";
}
}
//Check the 'Subject' field.
if (empty($_POST["subject"]))
{
$subjectErr = "Subject is Required.";
}
else
{
$subject = validate_info($_POST["subject"]);
}
//Check the 'Website' field.
if (empty($_POST["siteurl"]))
{
$website = "";
}
else
{
$website = validate_info($_POST["siteurl"]);
//Check if valid URL.
if (!preg_match("/\b(?:(?:https?|ftp):\/\/|www\.)[-a-z0-9+&##\/%?=~_|!:,.;]*[-a-z0-9+&##\/%=~_|]/i",$website))
{
$websiteErr = "Invalid URL.";
}
}
//Check the 'How Did You Find Us' options.
if (empty($_POST["howfind"]))
{
$findoptionErr = "Please Pick One.";
}
else
{
$findoption = validate_info($_POST["howfind"]);
}
//Check the comment box.
if (empty($_POST["questioncomments"]))
{
$commentsErr = "Questions/Comments are Required.";
}
else
{
$comments = validate_info($_POST["questioncomments"]);
}
//Pass any un-required data.
$likedsite = validate_info($_POST["likedsite"]);
}
function validate_info($data)
{
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
Sorry its a little lengthy.
Here is where I try to send the email. I have tried two different attempts and both have the same result.
<?php
if (!empty($fnameErr) || !empty($lnameErr) || !empty($subjectErr) || !empty($emailErr) || !empty($commentErr) || !empty($websiteErr) || !empty($findoptionErr))
{
echo "Sent!!";
}else
{
echo"Not Sent!!";
}
//Make the message.
$message =
"
First Name: $fname.\n
Last Name: $lname.\n
Website: $website\n
Did They Like the Site? $likedsite.\n
How They Found Us. $findoption.\n
Question/Comments:\n
$comments.
";
$message = wordwrap($message, 70);
$headers = "From: $email";
mail("me#gmail.com", $subject, $message, $headers);
?>
Once again sorry for the length. Thanks in advance also sorry if this is a double question or not described enough I am also new to stack overflow.
Please try:
<?php
//Set main variables for the data.
$fname = $lname = $email = $subject = $website = $likedsite = $findoption = $comments = "";
//Set the empty error variables.
$fnameErr = $lnameErr = $emailErr = $subjectErr = $commentsErr = $websiteErr = $findoptionErr = "";
//Initialize variable used to identify form is valid OR not.
$formValid = true;
//Check to see if the form was submitted.
if ($_SERVER["REQUEST_METHOD"] == "POST")
{
//Check the 'First Name' field.
if (empty($_POST["fname"]))
{
$formValid = false;//Form not validate
$fnameErr = "First Name is Required.";
}
else
{
$fname = validate_info($_POST["fname"]);
}
//Check the 'Last Name' field.
if (empty($_POST["lname"]))
{
$formValid = false;//Form not validate
$lnameErr = "Last Name is Required.";
}
else
{
$lname = validate_info($_POST["lname"]);
}
//Check the 'E-Mail' field.
if (empty($_POST["email"]))
{
$formValid = false;//Form not validate
$emailErr = "E-Mail is Required.";
}
else
{
$email = validate_info($_POST["email"]);
//Check if valid email.
if (!filter_var($email, FILTER_VALIDATE_EMAIL))
{
$formValid = false;//Form not validate
$emailErr = "Invalid E-Mail Format.";
}
}
//Check the 'Subject' field.
if (empty($_POST["subject"]))
{
$formValid = false;//Form not validate
$subjectErr = "Subject is Required.";
}
else
{
$subject = validate_info($_POST["subject"]);
}
//Check the 'Website' field.
if (empty($_POST["siteurl"]))
{
$website = "";
}
else
{
$website = validate_info($_POST["siteurl"]);
//Check if valid URL.
if (!preg_match("/\b(?:(?:https?|ftp):\/\/|www\.)[-a-z0-9+&##\/%?=~_|!:,.;]*[-a-z0-9+&##\/%=~_|]/i",$website))
{
$formValid = false;//Form not validate
$websiteErr = "Invalid URL.";
}
}
//Check the 'How Did You Find Us' options.
if (empty($_POST["howfind"]))
{
$formValid = false;//Form not validate
$findoptionErr = "Please Pick One.";
}
else
{
$findoption = validate_info($_POST["howfind"]);
}
//Check the comment box.
if (empty($_POST["questioncomments"]))
{
$formValid = false;//Form not validate
$commentsErr = "Questions/Comments are Required.";
}
else
{
$comments = validate_info($_POST["questioncomments"]);
}
//Pass any un-required data.
$likedsite = validate_info($_POST["likedsite"]);
}
//If every variable value set, send mail OR display error...
if (!$formValid){
echo"Form not validate...";
}
else {
//Make the message.
$message =
"
First Name: $fname.\n
Last Name: $lname.\n
Website: $website\n
Did They Like the Site? $likedsite.\n
How They Found Us. $findoption.\n
Question/Comments:\n
$comments.
";
$message = wordwrap($message, 70);
$headers = "From: $email";
mail("me#gmail.com", $subject, $message, $headers);
if($sendMail){
echo "Mail Sent!!";
}
else {
echo "Mail Not Sent!!";
}
}
function validate_info($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
I edit my answer as per some change. Now this code only allow send mail if form required fields are not empty and all fields value are valid as per your validation.
Let me know if there is any concern.!
from what i was able to conceive, u are
trying to apply 'OR' in if condition- should be changed to AND i.e. change || to &&
you are checking for not empty error variables... which should be changed to verify if they all are empty or not.
if (empty($fnameErr) && empty($lnameErr) && empty($subjectErr) && empty($emailErr) && empty($commentErr) && empty($websiteErr) && empty($findoptionErr))
{
echo "sent";
}
Instead of writing lengthy conditions.
Assign all error messages to a single variable and append errors to it ($errorMsg). You can avoid lengthy if else ladder by doing this.
Change empty($_POST["email"]) to !isset($_POST["email"]) - In all statements.
Then update the condition to following,
<?php
if($errorMsg == ''){
//Make the message.
$message ="
First Name: ".$fname.".\n
Last Name: ".$lname."\n
Website: ".$website."\n
Did They Like the Site? ".$likedsite."\n
How They Found Us. ".$findoption."\n
Question/Comments:\n
".$comments." ";
$message = wordwrap($message, 70);
$headers = "From: $email";
mail("me#gmail.com", $subject, $message, $headers);
}else{
// Show $errorMsg
}
?>
Make it simple, I hope this helps.
Okay, I tried once again, this time I removed the multiple php open/closing tags. So below is one big php chunk of code. If I fill out the form and send, the redirect works and I get the email - this all works great. The one last problem is the validation - I can submit empty fields and it redirects to the thankyou page - it doesn't warn users to fill out the fields...
So why now is the validation not working??? Thanks for your help guys.
<?php
// define variables and set to empty values
$fname = $lname = $email = $phone = $location = $size = $pvtype = $message = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$company = test_input($_POST["company"]);
$fname = test_input($_POST["first-name"]);
$lname = test_input($_POST["last-name"]);
$email = test_input($_POST["email"]);
$phone = test_input($_POST["phone"]);
$address = test_input($_POST["address"]);
$city = test_input($_POST["city"]);
$provincestate = test_input($_POST["provincestate"]);
$country = test_input($_POST["country"]);
$location = test_input($_POST["location"]);
$size = test_input($_POST["size"]);
if(isset($_POST["type"])){ $type = $_POST['type'];}
$message = test_input ($_POST["message"]);
}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
// define variables and set to empty values
$companyErr = $fnameErr = $lnameErr = $emailErr = $phoneErr = $addressErr = $cityErr = $provincestateErr = $countryErr = $locationErr = $sizeErr = $typeErr = $messageErr ="";
$company = $fname = $lname = $email = $phone = $address = $city = $provincestate = $country = $location = $size = $type ="";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST["company"])) {
$company = "";
} else {
$company = test_input($_POST["company"]);
}
if (empty($_POST["first-name"])) {
$fnameErr = "First name is required";
} else {
$fname = test_input($_POST["first-name"]);
// check if name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z ]*$/",$fname)) {
$fnameErr = "Only letters and white space allowed";
}
}
if (empty($_POST["last-name"])) {
$lnameErr = "Last name is required";
} else {
$lname = test_input($_POST["last-name"]);
// check if name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z ]*$/",$lname)) {
$lnameErr = "Only letters allowed";
}
}
if (empty($_POST["email"])) {
$emailErr = "Email is required";
} else {
$email = test_input($_POST["email"]);
// check if e-mail address is well-formed
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$emailErr = "Invalid email format";
}
}
if (empty($_POST["phone"])) {
$phoneErr = "Phone number is required";
} else {
$phone = test_input($_POST["phone"]);
// check if phone number only contains 10 digits with no formatting
if (!preg_match("/^[0-9]{10}+$/",$phone)) {
$phoneErr = "Only enter a 10 digit number";
}
}
if (empty($_POST["address"])) {
$address = "";
} else {
$address = test_input($_POST["address"]);
}
if (empty($_POST["city"])) {
$city = "";
} else {
$city = test_input($_POST["city"]);
}
if (empty($_POST["provincestate"])) {
$provincestate = "";
} else {
$provincestate = test_input($_POST["provincestate"]);
}
if (empty($_POST["country"])) {
$country = "";
} else {
$country = test_input($_POST["country"]);
}
if (empty($_POST["location"])) {
$locationErr = "Location is required";
} else {
$location = test_input($_POST["location"]);
// check if location only contains letters
if (!preg_match("/^[a-zA-Z ]*$/",$location)) {
$locationErr = "Please enter a city";
}
}
if (empty($_POST["size"])) {
$sizeErr = "Please enter a number";
} else {
$size = test_input($_POST["size"]);
}
if (empty($_POST["type"])) {
$typeErr = "Please select 1";
} else {
$type = test_input($_POST["type"]);
}
if (empty($_POST["message"])) {
$message = "";
} else {
$message = test_input($_POST["message"]);
}
}
$myemail = 'dgillison#sentinelsolar.com';//<-----Put Your email address here.
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$to = $myemail;
$email_subject = "Inquiry from: $fname $lname";
$email_body = "You have received a new inquiry from:".
"\n
\n Name: $fname $lname \n Email: $email \n Phone Number: $phone
\n Address: $address \n City: $city \n Province/State: $provincestate \n Country: $country
\n I have a project in: $location \n The project type is: $type \n The estimated project size is: $size
\n Message: $message";
$headers = "From: $myemail\n";
$headers .= "Reply-To: $email";
mail($to,$email_subject,$email_body,$headers);
//redirect to the 'thank you' page
header('Location: thankyou.html');
exit();
}
?>
header() has to come before any output, so having it at the bottom will not work. Right now you don't really have an email 'function'. You can wrap that bottom piece of code into a sendEmail function. Then put the call to the function at the end of if ($_SERVER["REQUEST_METHOD"] == "POST") {.
You would have to pass all the variables in to the function. Or you could pass $_POST and do you variable cleaning in one function.
Move the email part up above the html, where it was redirecting automatically before. You need to add a check to see if there was a post request before sending the email and redirecting. Right after you set $myemail, there is an open bracket. Change this to:
if ($_SERVER["REQUEST_METHOD"] == "POST") {